One of the commonly deployed distributed denial of service (DDoS) mitigation mechanisms detects one or more malicious flows and diverts the malicious flow(s) towards a “sink/scrubber” for further processing. This mechanism generally works on a per-attack basis: it detects a new attack vector, identifies the corresponding flows, sinks them, and identifies the network ingress points so that such attack flows can be contained using a security policy.
The DDoS Open Threat Signaling (DOTS) standards, described in several Internet Engineering Task Force (IETF) documents, are being developed to address DDoS mitigation in a distributed security architecture. They are based on real-time signaling of DDoS-related telemetry, threat-handling requests, and data between elements concerned with DDoS attack detection, classification, traceback, and mitigation. Under DOTS, a DOTS client normally communicates with a DOTS server. The DOTS server computes relevant policies based on an attack and pushes the policies to one or more DOTS clients.
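The two mechanisms just described, per-attack flow detection with diversion to a scrubber and DOTS-style client/server policy push, can be modelled together in a small simulation. The following Python block is an added example written for this page; it is not code from the page's author and does not implement the actual DOTS wire format (which uses CoAP and CBOR). The flow records, ingress point names, threshold and scrubber name are all constructed; the server classifies flows to a requested target by aggregate packet rate, identifies the ingress points that carried them, and pushes a "divert-to-scrubber" policy to the DOTS clients fronting those ingress points.

```python
"""Toy model of DOTS-style mitigation signaling.

Constructed example: flow telemetry, thresholds and element names are invented
for illustration and this is not the RFC-defined DOTS signal channel encoding.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ingress: str      # network ingress point that observed the flow (hypothetical name)
    src_prefix: str   # source prefix of the flow
    dst_ip: str       # destination (the potential attack target)
    pps: int          # observed packets per second


# Constructed telemetry sample: one source prefix floods 198.51.100.10 through two
# edges, alongside low-rate benign traffic to the same and another target.
SAMPLE_FLOWS = [
    Flow("edge-1", "203.0.113.0/24", "198.51.100.10", 900_000),
    Flow("edge-2", "203.0.113.0/24", "198.51.100.10", 850_000),
    Flow("edge-1", "192.0.2.0/24",   "198.51.100.10", 1_200),
    Flow("edge-3", "198.18.0.0/15",  "198.51.100.20", 700),
]


@dataclass(frozen=True)
class Policy:
    target: str
    src_prefix: str
    ingress_points: tuple   # where the attack flows enter the network
    action: str             # e.g. "divert-to-scrubber"
    scrubber: str           # hypothetical sink/scrubber identifier


class DotsClient:
    """A DOTS client: requests mitigation and installs policies the server pushes."""

    def __init__(self, name):
        self.name = name
        self.installed = []

    def request_mitigation(self, server, target):
        # Signal the server that `target` is under attack (mitigation request).
        return server.handle_mitigation_request(self, target)

    def receive_policy(self, policy):
        self.installed.append(policy)


class DotsServer:
    """A DOTS server: computes per-attack policies from telemetry and pushes them."""

    def __init__(self, pps_threshold, scrubber):
        self.pps_threshold = pps_threshold
        self.scrubber = scrubber
        self.clients = {}
        self.telemetry = []

    def register(self, client):
        self.clients[client.name] = client

    def ingest_telemetry(self, flows):
        self.telemetry.extend(flows)

    def compute_policies(self, target):
        # Aggregate packet rate per source prefix towards the target, remembering
        # every ingress point that carried part of it; prefixes over the
        # threshold are classified as attack flows to be sunk at the scrubber.
        by_src = defaultdict(lambda: [0, set()])
        for f in self.telemetry:
            if f.dst_ip != target:
                continue
            by_src[f.src_prefix][0] += f.pps
            by_src[f.src_prefix][1].add(f.ingress)
        policies = []
        for src, (pps, ingresses) in by_src.items():
            if pps >= self.pps_threshold:
                policies.append(Policy(target, src, tuple(sorted(ingresses)),
                                       "divert-to-scrubber", self.scrubber))
        return policies

    def handle_mitigation_request(self, requester, target):
        policies = self.compute_policies(target)
        # Push each policy to the clients that front an affected ingress point,
        # so the attack flows are contained where they enter the network.
        for p in policies:
            for client in self.clients.values():
                if client.name in p.ingress_points:
                    client.receive_policy(p)
        return policies


def run_demo():
    """Wire up the constructed scenario; returns (server, policies pushed)."""
    server = DotsServer(pps_threshold=500_000, scrubber="scrubber-A")
    for name in ("edge-1", "edge-2", "edge-3", "victim-site"):
        server.register(DotsClient(name))
    server.ingest_telemetry(SAMPLE_FLOWS)
    policies = server.clients["victim-site"].request_mitigation(server, "198.51.100.10")
    return server, policies


if __name__ == "__main__":
    _, pols = run_demo()
    for p in pols:
        print(p)
```

In this scenario the server produces a single policy for the flooding prefix, lists both ingress points that carried it, and leaves the low-rate prefixes untouched; only the clients at those two edges receive the policy, while the third edge installs nothing. The threshold and the aggregation key (destination plus source prefix) are the parts a real deployment would tune per attack vector.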